Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Delete the files in bold:C:\WINDOWS\cfgmgr52.dllC:\WINDOWS\System32\exp.exeC:\WINDOWS\System32\wintask.exeC:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWFX5LP_0001_0715NetInstaller.exeC:\WINDOWS\system32\prisdecd.dll

Search for and delete AUNPS2.DLL. It is probably in C:\WINDOWS\SYSTEM32\.

Post a new HijackThis log in a reply to this topic. Are you still having problems?

O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"WildTangent on-line games related; not required for the games to work. You can also uninstall it from Add or Remove Programs I think.

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEApplication which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog and some users claim there's no difference with or without it but it usually isn't required - Note: if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show.

Close all browsers and windows except HijackThis and click "Fix checked".

Canoeingkidd

Posted 21 July 2005 - 11:18 AM

Canoeingkidd

Malware Expert

Retired Staff

148 posts

Good. Glad we could help. I always post my prevention speech at the end...it has plenty of pointers for staying clean.

As far as Norton Internet Security...I'm not a big fan of all-in-one packages and I think NIS is a resource hog myself...but it's alright I guess. You might wait until your subscription runs out and switch to something else.

And which browser to use. You shouldn't use Internet Explorer as it has many security vulnerabilities and is the target of most attacks. The most popular alternative to IE is Mozilla Firefox. It's what I use. Occasionally you will still need to use IE to browse sites that are built to only work in it (such as the Windows Update site).

I'd still like to see another HijackThis log just to make sure everything is clean although it is probably clean now.

You need to prevent re-infection. I strongly recommend you take the following steps because infections are likely to reoccur unless you are protected (I post the same speech for everyone so you may have already taken some of these steps):

Disable then re-enable System Restore. This will delete your old restore points. Malware could get backed up in System Restore. To do so in Windows XP see this tutorial. To do so in Windows ME see this tutorial. (If you are using a different Operating System skip this step).

Keep up-to-date with the latest security patches from Microsoft. This step is VERY important. Please visit http://www.windowsupdate.com in Internet Explorer and if it asks to install software, let it. Start the scan for updates needed for your computer. Install all critical updates. When it prompts you to reboot, do so. Then repeat this process again until there are no more critical updates listed.
You can also access the Windows Update site at any time by going to "Tools" > "Windows Update" in Internet Explorer. Please check for updates frequently.

Install Antivirus software. It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. Two popular programs are AVG and Avast. Both have free versions for home users. Do not have more than one active antivirus at a time.

Install a Firewall. Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. Please see Understanding and Using Firewalls. Do not use more than one firewall. If you are using Windows XP SP2 the rather poor Windows Firewall is enabled by default and you will need to disable it before installing another one.

Stay away from Rogue/Suspect Anti-Spyware Products. "Rogue/Suspect" means that these products are of unknown, questionable, or dubious value as anti-spyware protection. See a list of known Rogue/Suspect Anti-Spyware Products compiled by Eric Howes at http://www.spywarewa...nti-spyware.htm.

Install IE-SPYADS. This script will place an enormous number of web sites known to be abusive into Internet Explorer's "Restricted Zone". Any site in that list will be unable to run javascripts, java applets, set or read cookies or use ActiveX scripting. You still will be able to visit those sites but they will be very limited in what they can do.
Download it from HERE. Read the "ReadMe.txt" included with the download for help installing it. You will need to download new versions occasionally and uninstall the old version.

Keep these programs updated. If you do not they will not help you very much.